Submission Details
Severity:
"The `_getBaseWeight` function will return incorrect weights."
Summary
"An incorrect argument is passed to getGaugeWeight to retrieve the user’s weight."
Vulnerability Details
The _getBaseWeight function is used to get the base weight of a user account, but in the implementation below, the contract's address (this) is incorrectly passed instead of the user's account address.
function _getBaseWeight(address account) internal view virtual returns (uint256) {
return IGaugeController(controller).getGaugeWeight(address(this)); //- incorrectvalue passed in the getGaugeWeight
Impact
"The getBaseWeight function will return the weight of this address instead of the user's base weight."
Recommendations
Implementation following change :-
function _getBaseWeight(address account) internal view virtual returns (uint256) {
- return IGaugeController(controller).getGaugeWeight(address(this));
+ return IGaugeController(controller).getGaugeWeight(account);
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
BaseGauge._getBaseWeight ignores account parameter and returns gauge's total weight, allowing users to claim rewards from gauges they never voted for or staked in
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
BaseGauge._getBaseWeight ignores account parameter and returns gauge's total weight, allowing users to claim rewards from gauges they never voted for or staked in
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.